On Sun, Dec 15, 2019 at 9:43 PM Liu Hao <lh_mo...@126.com> wrote:
>
> On 2019/12/16 4:00, Jeffrey Walton wrote:
> >
> > If RTFM was going to work, then it would have happened in the last 50
> > years or so.
> >
> > If error free programming was going to happen, then it would have
> > happened in the last 50 years or so.
> >
> > Come back to reality.
> >
>
> What's your point? Don't RTFM then don't code, period.
>
> >
> > Microsoft calls them "safer" functions. They are "safer" than the
> > original C functions they are supplementing. For completeness,
> > Microsoft does not claim they are completely safe.
> >
>
> They are of course not 'safer' for two reasons:
>
> One is that by having an additional parameter you ask for an additional
> size argument, but it is still possible that the user passed a wrong
> size, such as when you want the number of `wchar_t`s but your user
> supplied the number of bytes, which you have no clue about. The best
> advice would be using C++ templates to deduce the size of output buffer,
> but it doesn't work in C, and even in C++ it works only when the
> argument is an array, string, vector, etc. It doesn't work if the
> argument is a pointer, in which case you still have to pass the size
> yourself.
>
> The other reason is that by requiring more arguments you increase the
> probability of bugs. Let's say there is a 1% chance that you pass a
> wrong argument. Then if there is 1 argument, the probability that you do
> everything right is 99%. If there are 2 arguments, it is 98.01%. If
> there are 10 arguments, it is 97.0299%. If there are 100 arguments, it
> is about 36.6%. It is not something we would like.

Typical of engineers... Now you are arguing for problems that don't exist.

Perhaps you should stick with the problems that do exist.

> > Huh? Are you begging the argument:
> >
> >     char* ptr = malloc (50);
> >
> > And then claiming you don't know the size?
>
> Why don't you use Java which keeps track of allocated arrays and
> throws exceptions in case of out-of-bound access?

Yeah, that's the answer. We could write the whole OS in JavaScript.

> > Developer training does not work. If it was going to work, then it
> > would have happened in the last 50 years or so.
> >
> > Microsoft recognized the fact years ago. You have to force developers
> > to use something safer.

[More useless shit snipped].

Jeff
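
Added example, not part of the original message and not code from either poster: the element-count versus byte-count mistake described in the quoted reply, next to the same call made with the correct count. `bounded_wcscpy` is a hypothetical size-checked copy written for this illustration (it is not Microsoft's or Annex K's implementation), and the guard region is constructed so the stray write stays inside one array and can be counted.

```c
#include <stddef.h>
#include <stdio.h>
#include <wchar.h>

#define COUNTOF(a) (sizeof(a) / sizeof((a)[0]))
#define DST_ELEMS 8          /* logical destination capacity, in wchar_t */
#define GUARD ((wchar_t)0x5A5A)

/* Constructed sample input: 12 characters, 13 elements with terminator. */
static const wchar_t SRC[] = L"ABCDEFGHIJKL";

/* Hypothetical bounded copy: dst_count is capacity in ELEMENTS, not bytes.
 * Returns 0 on success, -1 (and an empty dst) if src does not fit. */
static int bounded_wcscpy(wchar_t *dst, size_t dst_count, const wchar_t *src)
{
    size_t need = wcslen(src) + 1;
    if (dst == NULL || dst_count == 0) return -1;
    if (need > dst_count) { dst[0] = L'\0'; return -1; }
    wmemcpy(dst, src, need);
    return 0;
}

/* Copies src into the first DST_ELEMS elements of a guarded arena using the
 * capacity the caller claims, then counts guard elements that were changed. */
static size_t guard_elems_clobbered(size_t claimed_count, const wchar_t *src, int *rc)
{
    wchar_t arena[64];       /* [0..7] destination, [8..63] guard */
    size_t i, hit = 0;
    for (i = 0; i < COUNTOF(arena); i++) arena[i] = GUARD;
    *rc = bounded_wcscpy(arena, claimed_count, src);
    for (i = DST_ELEMS; i < COUNTOF(arena); i++)
        if (arena[i] != GUARD) hit++;
    return hit;
}

int main(void)
{
    int rc;
    /* Wrong: byte size passed where an element count is expected. */
    size_t hit = guard_elems_clobbered(sizeof(wchar_t[DST_ELEMS]), SRC, &rc);
    printf("byte count:    rc=%d, guard elements overwritten=%zu\n", rc, hit);
    /* Right: element count; the check rejects the oversized source. */
    hit = guard_elems_clobbered(DST_ELEMS, SRC, &rc);
    printf("element count: rc=%d, guard elements overwritten=%zu\n", rc, hit);
    return 0;
}
```
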
